How does the reverse proxy change internal and external security posture with a reverse proxy compared to not having a reverse proxy?
For example, you have a publicly accessible iis server, what is ...

Little background: I forgot one of my CCTV accounts password, so used the admin account to create a new one. However I can't access the old one as it's not possible to change a user account password, ...

Context:
I want to reverse engineer a protocol in place for the Nintendo 3DS. The implementation however, uses TLS, which makes it difficult to reverse engineer. I'm currently able to sniff packets ...

I'm looking at some malware PCAPs, e.g. http://malware-traffic-analysis.net/2014/05/27/index.html .
One of the things I've been seeing frequently is requests to alexa top million sites (e.g. yandex, ...

I am new to the field of crash analysis. I recently, by accident, happened to crash Google Chrome. I do not know the reason as to why the crash really happened. I'd like to know it in depth though.
...

I have been involved in disassembling Android apps using baksmali and dexpler. Whenever I disassemble an app, I find the packages and package hierarchy (that would have been available in development ...

first post here so be gentle please!
I understand the Heartbleed vulnerability concept, and I have a general grasp of Python. I'm struggling to understand the PoC Python code though, so was after a ...

I have a web service which is used by a Flash client. Both the service and the Flash client is produced by me (read: my company). The Flash client communicates with the server over HTTPS.
One of the ...

I'm confused by some terminology - reverse engineering seems to me to be pretty similar to exploit researching. I mean if you can reverse one program probably you will be able to find a vulnerability, ...

Do disassemblers detect the use of C/C++ standard functions and specify them in the output code, adding the #include line to the appropriate header file (such as stdio.h or even windows.h)?
If not, ...

I'm working on a project where websites are analyzed and rated according to password security (factors like min/max password length, alphabet size and more are then calculated into a score).
A great ...

Is it worth to obfuscate a java web app source code so that the web host cannot make wrong use of the code or even steal your business? If so, how should this be dealt with? How should we obfuscate?
...

Given that there are clear advantages to using some block modes of encryption over another, and I would like to ensure that all software used in the enterprise uses a certain "level" of security I'd ...

I suppose that if a file is executable by anyone, in other words, if a user has enough permissions to execute an executable in Windows, it will be possible to read the contents of the executable and ...

I have a web application running on Glassfish 3.1.2 servlet container and I need a way to protect the compiled java classes. I have tried to obfuscate the source code but it didn't work.
The project ...

So, I'm currently 16 and am considering a career in IT when I finish school. The thing that has intrigued me the most while growing up is malware. I've come across it so often and have often had to ...

Recently, while looking at some Perl CGI files, I came across this. I am not familiar enough with Perl to know exactly what it means, but I did attempt to base64 decode the string to no effect. Can ...

I have a question about SHA256. I know that this algorithm was used to encrypt a text, which I have. I also have the encrypted version of this text. My question is, can I somehow get to the encryption ...

I implemented an applet in java to authenticate users at my website by the usage of MIFARE cards and everything is working good. However I am concerned about the applet's authenticity, in other words, ...

I need to analyze a java application (a .jar file) for a war game. I know java can be decompiled, but the coder apparently did a lot of obfuscation to prevent the reverse engineers from understanding ...

Is java class file or jar file is easy to reverse engineer? Because java generates a class file after compilation and not exe files. Is jar and class files are easy to decompile compare to c# and C++? ...

I have read that the pe loader is responsible for loading executable images from disk. When and where is the control flow exactly transferred to the loader? The pe format is well documented but there ...

On the surface, the inadvisability of security through obscurity is directly at odds with the concept of shared secrets (i.e. "passwords"). Which is to say: if secrecy around passwords is valuable, ...

When executables are packed with a tool such as UPX, the real code and data sections are encrypted or obfuscated, then loaded into memory using an injected decrypter stub. This makes static analysis ...